Scope, not technology, the game-changer for mobile security

The massive scope and volume of mobile computing is posing some “interesting” new security challenges, says SensePost.

By Security Summit 2012 Johannesburg, 22 Mar 2012

While mobile security has been a focus of concern for some time, 2012 is likely to be the year these issues start coming to a head.

This is according to Charl van der Walt, Co-Founder and Managing Director of SensePost. He says SensePost is spending a growing proportion of its energies addressing mobile security issues now.

“This is not so much because mobile is inherently less secure,” he says, “but rather because of the massive uptake of mobile and the unprecedented degree of connectivity involved.”

ITWeb Security Summit

The ITWeb Security Summit and Awards takes place from 15 to 17 May 2012. For more information and to reserve your seat, please click here.

With the number of mobile devices such as tablets and cellphones set to outstrip the number of PCs and laptops in use soon, and with some forecasts expecting more people in sub-Saharan Africa to have mobile access than electricity by 2015, it is clear that mobile computing is big.

While the security threats against mobile computing may not be very different from those traditionally faced in the world of computing, the scope of mobile poses some “interesting new challenges”, says Van der Walt.

“You have to look at the threat model from the points of view of conventional IT security, privacy, control and management.

“But the challenges come in when you consider the degree of connectivity – you have WiFi, 3G, GPS, Bluetooth and NFC. People are connecting, transacting and communicating from a single, trackable device. In a sense, people are indistinguishable from their mobile devices – they know where you are, where you have been, who you communicate with and what you say. We have reasonably little control over this platform, leading to new debates on privacy and control. How this pans out remains to be seen.”

In addition, he says, unlike in a server environment, in the mobile world, who takes responsibility for upgrades and patches on the operating system is ill-defined.

“We don't think there will be significantly new types of vulnerabilities entering the mobile space, but there will be lots of vulnerabilities. And in light of the scale of mobility and the lack of central management, we are looking at what promises to be a very interesting security challenge,” says Van der Walt.

Van der Walt will discuss mobile computing and security challenges at the annual ITWeb Security Summit, to be held from 15 to 17 May 2012, at the Sandton Convention Centre.